Re: [aerogear-dev] Goals on Security
I'm changing the subject because I don't want to hijack that thread.
Summers Pittman wrote:
I see the crypto bits for android. If we include file system/SQLite
encryption then it dovetails nicely into 1.4 which is
offline/prefetch/etc.
+1
However, I don't see any use cases/goals/etc. IE I'm not
sure what
implementing crypto will look like. This may be my problem though
Currently
I'm working to provide easy to use encryption for JS, iOS and
Android (https://github.com/abstractj/cryptoparty). This project aims to
provide: password encryption, symmetric/asymmetric encryption,
hashing...and all the things to mess up with your data. Once I have a
first draft, documentation + the usage and scenarios will be included to
some whatever AeroGear Crypto spec.
(The name of the project will change, or not)
I was just wondering about 2 possible showcase apps:
- Encrypted chat (it creates a dependency on the server side) -1 on it
- Password manager app (do not depend on the server until we start to
discuss data sync) +1
I was wondering, will this be a good time to drag in more enterprise
features like remote wipe, authz, and friends?
I think they are all good features. ATM I would say, let's stay focused
on offline encryption and be more server independent as possible. Also
feel free to send a PR to our security roadmap
(https://github.com/aerogear/aerogear.org/blob/master/docs/planning/roadma...)
I can't guess how many kit kats we want :)
Makes sense?
--
abstractj
Attachments:
- signature.asc (application/pgp-signature — 495 bytes)